10846438

RPMC Flash Emulation

Published: November 24, 2020
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
14 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A controller, comprising: a host interface for communicating with a host; a memory interface; and a processor, configured to: receive from the host, via the host interface, instructions for execution in a Non-Volatile Memory (NVM); identify among the instructions an instruction, which (i) conforms to a Replay-Protected Monotonic Counter (RPMC) specification, (ii) pertains to a secure monotonic counter and (iii) is intended for execution in an NVM having a secure monotonic counter embedded therein; execute the identified instruction in accordance with the RPMC specification, and respond to the host responsively to the instruction, instead of the NVM; and communicate, via the memory interface, with an NVM that does not have an embedded secure monotonic counter, and to forward the instructions other than the identified instruction to the NVM for execution.

Plain English Translation

This invention relates to a controller for managing secure monotonic counter operations in a system where a host interacts with a Non-Volatile Memory (NVM) that lacks an embedded secure monotonic counter. The problem addressed is ensuring secure execution of Replay-Protected Monotonic Counter (RPMC) instructions when the NVM does not natively support such functionality. The controller includes a host interface for communicating with the host, a memory interface for interacting with the NVM, and a processor. The processor receives instructions from the host and identifies those that conform to the RPMC specification, pertain to a secure monotonic counter, and are intended for an NVM with an embedded secure counter. Instead of forwarding these instructions to the NVM, the controller executes them locally in accordance with the RPMC specification and responds to the host directly. Other instructions are forwarded to the NVM for execution. This approach allows the controller to emulate secure counter functionality when the NVM lacks native support, ensuring compatibility and security without requiring modifications to the NVM itself. The solution enables secure counter operations in systems where the memory hardware does not inherently support them.

Claim 2

Original Legal Text

2. The controller according to claim 1, wherein, when executing the identified instruction, the processor is configured to override a Chip-Select (CS) signal, which is asserted by the host for selecting the NVM.

Plain English Translation

This claim refines claim 1. When the controller executes an identified RPMC instruction itself, it also overrides the Chip-Select (CS) signal that the host asserts to select the NVM. Because the controller, not the NVM, answers this instruction, taking control of CS is what lets the controller own the transaction on the memory interface for as long as the instruction is being executed and answered. All other instructions are unaffected by the override and are forwarded to the NVM as in claim 1.

Claim 3

Original Legal Text

3. The controller according to claim 1, wherein the processor is configured to receive the instructions intended to the NVM by intercepting a Chip-Select signal, which is asserted by the host for selecting the NVM.

Plain English Translation

This claim specifies how the controller of claim 1 receives the host's instructions: it intercepts the Chip-Select signal that the host asserts to select the NVM. Because the CS line passes through the controller, every transaction the host addresses to the NVM is visible to the controller's processor, which is what allows it to examine each instruction, recognize the RPMC counter instructions it must execute locally, and pass the remaining instructions on to the NVM.

Claim 4

Original Legal Text

4. The controller according to claim 1, wherein the processor is configured to execute the identified instruction in conjunction with a Trusted Platform Module (TPM).

Plain English Translation

A system for secure instruction execution in computing environments addresses vulnerabilities in software-based security mechanisms that are susceptible to tampering or unauthorized access. The system includes a controller with a processor that identifies and executes specific instructions in a secure manner. The processor is configured to execute these identified instructions in conjunction with a Trusted Platform Module (TPM), a hardware-based security component that provides cryptographic functions and secure storage. The TPM ensures the integrity and confidentiality of the execution process, protecting against unauthorized modifications or access. The system may also include a memory module to store instructions and a communication interface to interact with external devices or networks. The processor may further validate the integrity of the instructions before execution, ensuring they have not been altered. This approach enhances security by leveraging hardware-based security features to mitigate risks associated with software-only security solutions. The system is applicable in environments where secure execution of sensitive operations is critical, such as financial transactions, authentication processes, or confidential data handling.

Claim 5

Original Legal Text

5. The controller according to claim 4, wherein the TPM is integrated in the controller.

Plain English Translation

A controller is designed for managing secure operations in computing systems, particularly addressing vulnerabilities in trusted platform modules (TPMs) that are often separate components. The controller integrates a TPM directly into its hardware, eliminating the need for an external TPM while maintaining secure cryptographic functions. This integration reduces system complexity, improves performance by minimizing communication delays between the controller and TPM, and enhances security by reducing attack surfaces associated with external interfaces. The controller includes a processing unit that executes firmware to perform cryptographic operations, such as key generation, storage, and authentication, using the integrated TPM. The firmware ensures that these operations comply with security protocols, such as those defined by the Trusted Computing Group (TCG). The controller may also include interfaces for communicating with other system components, such as processors or memory, while maintaining secure data pathways. By consolidating the TPM within the controller, the design simplifies hardware architecture and strengthens security by reducing exposure to physical and communication-based attacks. This approach is particularly useful in embedded systems, IoT devices, and other applications where space, power efficiency, and security are critical.

Claim 6

Original Legal Text

6. The controller according to claim 4, wherein the TPM is external to the controller, and wherein the controller further comprises a TPM interface for communicating with the TPM.

Plain English Translation

A controller is designed to enhance secure communication and processing in computing systems, particularly for applications requiring trusted platform module (TPM) functionality. The controller includes a TPM interface that enables communication with an external TPM, allowing the controller to leverage the TPM's cryptographic and security features while maintaining separation between the controller and the TPM. This external TPM integration ensures that sensitive security operations, such as key generation, storage, and authentication, are handled by a dedicated hardware module, reducing the risk of compromise. The controller may also include additional components, such as a processor, memory, and communication interfaces, to manage data processing and secure transactions. By offloading security-critical functions to the external TPM, the controller improves system security and compliance with industry standards for trusted computing. This design is particularly useful in environments where physical separation of security components is required, such as in embedded systems, IoT devices, or enterprise computing infrastructure. The TPM interface ensures seamless interaction between the controller and the TPM, enabling secure boot processes, encrypted data storage, and authenticated communication channels.

Claim 7

Original Legal Text

7. The controller according to claim 4, wherein the TPM is external to the controller and is connected to the host, and wherein the processor is configured to communicate with the TPM via the host interface.

Plain English Translation

A system for secure computing involves a controller with a processor and a host interface, where the processor is configured to execute instructions for managing cryptographic operations. The system includes a Trusted Platform Module (TPM) that is external to the controller and connected to a host device. The processor communicates with the TPM through the host interface, enabling secure authentication, encryption, and key management. The TPM provides hardware-based security features, such as secure storage of cryptographic keys and attestation of system integrity. The host interface facilitates data exchange between the controller and the TPM, ensuring that sensitive operations are performed in a trusted environment. This configuration enhances security by isolating the TPM from the controller, reducing the risk of unauthorized access or tampering. The system is particularly useful in applications requiring high levels of security, such as secure boot processes, digital rights management, and secure communication protocols. The external TPM allows for modular design, enabling upgrades or replacements without modifying the controller hardware. The processor's ability to interact with the TPM via the host interface ensures seamless integration while maintaining robust security measures.

Claim 8

Original Legal Text

8. A method, comprising: in a controller, receiving from a host instructions for execution in a Non-Volatile Memory (NVM); identifying among the instructions an instruction, which (i) conforms to a Replay-Protected Monotonic Counter (RPMC) specification, (ii) pertains to a secure monotonic counter and (iii) is intended for execution in a NVM having a secure monotonic counter embedded therein; executing the identified instruction, in accordance with the RPMC specification, by the controller instead of the NVM; and communicating with an NVM that does not have an embedded secure monotonic counter, and forwarding the instructions other than the identified instruction to the NVM for execution.

Plain English Translation

This invention relates to secure data processing in non-volatile memory (NVM) systems, specifically addressing the challenge of handling instructions for secure monotonic counters in environments where the NVM lacks embedded counter support. Secure monotonic counters are critical for ensuring data integrity and security, particularly in applications requiring tamper-proof timestamps or sequence tracking. The invention provides a method for a controller to manage such instructions efficiently. When a host sends instructions for execution in an NVM, the controller identifies those that conform to the Replay-Protected Monotonic Counter (RPMC) specification, pertain to a secure monotonic counter, and are intended for an NVM with embedded counter support. Instead of forwarding these instructions to the NVM, the controller executes them locally in accordance with the RPMC specification. Meanwhile, other instructions are forwarded to the NVM for execution. This approach ensures compatibility with NVMs that lack embedded secure counters while maintaining the security and functionality of RPMC-compliant operations. The method optimizes performance by offloading counter-related tasks to the controller, reducing reliance on NVM hardware capabilities. This solution is particularly useful in systems where NVMs may vary in their support for secure features, ensuring consistent behavior across different hardware configurations.
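To make the controller behaviour of claims 1 and 8 concrete, here is an added Python model (not code from the patent or its assignee) of a controller that sits between host and flash: it recognizes RPMC OP1/OP2 instructions, executes them against its own counters with the HMAC-SHA256 checks the RPMC specification calls for, and forwards every other flash command to an NVM that has no secure counter. Opcode values and frame layouts follow the RPMC specification as I know it; the extended-status bit values, the `PlainFlash` stub and the `host_frame` helper are assumptions constructed for this example.

```python
import hmac
import hashlib

OP1, OP2 = 0x9B, 0x96                                   # RPMC opcodes from the RPMC specification
CMD_UPDATE_HMAC_KEY, CMD_INCREMENT, CMD_REQUEST = 1, 2, 3
# Extended-status values are assumptions for this example, not quoted from the specification.
ST_SUCCESS, ST_FORMAT, ST_SIG_MISMATCH, ST_KEY_UNINIT, ST_COUNTER_MISMATCH = 0x80, 0x02, 0x04, 0x08, 0x10
FRAME_LEN = {CMD_UPDATE_HMAC_KEY: 40, CMD_INCREMENT: 40, CMD_REQUEST: 48}


def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


class PlainFlash:                      # constructed stand-in for an NVM with no secure counter
    def __init__(self):
        self.received = []             # every frame the controller forwarded to it

    def execute(self, frame):
        self.received.append(frame)
        return b""


class RpmcEmulatingController:         # executes OP1/OP2 itself, forwards everything else
    def __init__(self, nvm, root_keys):
        self.nvm = nvm
        self.root_keys = root_keys     # counter index -> 32-byte root key (provisioned out of band)
        self.hmac_keys = {}            # counter index -> HMAC key derived by Update HMAC Key
        self.counters = {i: 0 for i in root_keys}
        self.status, self.last_addr, self.last_tag = ST_SUCCESS, 0, bytes(12)

    def handle(self, frame):
        if frame[0] == OP1:            # identified RPMC instruction: executed by the controller
            self.status = self._op1(frame)
            return b""
        if frame[0] == OP2:            # RPMC read: answered by the controller instead of the NVM
            return self._op2()
        return self.nvm.execute(frame)  # any other instruction: forwarded to the NVM

    def _op1(self, f):
        cmd, addr = f[1], f[2]
        if cmd not in FRAME_LEN or len(f) != FRAME_LEN[cmd] or addr not in self.root_keys:
            return ST_FORMAT
        if cmd == CMD_UPDATE_HMAC_KEY:  # new HMAC key = HMAC(root key, KeyData); frame signed with it
            new_key = mac(self.root_keys[addr], f[4:8])
            if not hmac.compare_digest(f[8:40], mac(new_key, f[:8])):
                return ST_SIG_MISMATCH
            self.hmac_keys[addr] = new_key
            return ST_SUCCESS
        key = self.hmac_keys.get(addr)
        if key is None:
            return ST_KEY_UNINIT
        if cmd == CMD_INCREMENT:       # signed over the 8-byte header, which carries CounterData
            if not hmac.compare_digest(f[8:40], mac(key, f[:8])):
                return ST_SIG_MISMATCH
            if int.from_bytes(f[4:8], "big") != self.counters[addr]:
                return ST_COUNTER_MISMATCH   # stale or replayed increment is rejected
            self.counters[addr] += 1
            return ST_SUCCESS
        if not hmac.compare_digest(f[16:48], mac(key, f[:16])):   # Request: header + 12-byte tag
            return ST_SIG_MISMATCH
        self.last_addr, self.last_tag = addr, f[4:16]
        return ST_SUCCESS

    def _op2(self):                    # Read Data: status | tag | counter | HMAC(tag | counter)
        counter = self.counters.get(self.last_addr, 0).to_bytes(4, "big")
        sig = mac(self.hmac_keys.get(self.last_addr, bytes(32)), self.last_tag + counter)
        return bytes([self.status]) + self.last_tag + counter + sig


def host_frame(key, cmd, addr, payload):  # host side; for CMD_UPDATE_HMAC_KEY pass the derived key
    hdr = bytes([OP1, cmd, addr, 0]) + payload
    return hdr + mac(key, hdr)
```

The points worth checking are that a replayed increment (stale CounterData) and a forged signature are refused while the counter value stays put, and that an ordinary flash read never touches the controller's RPMC state.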

Claim 9

Original Legal Text

9. The method according to claim 8, wherein executing the identified instruction comprises overriding a Chip-Select (CS) signal, which is asserted by the host for selecting the NVM.

Plain English Translation

This is the method counterpart of claim 2. When the controller executes an identified RPMC instruction itself, that execution includes overriding the Chip-Select (CS) signal the host asserted to select the NVM, so that the controller rather than the NVM handles that transaction for its duration. All other instructions continue to be forwarded to the NVM without the override, as in claim 8.

Claim 10

Original Legal Text

10. The method according to claim 8, wherein receiving the instructions intended to the NVM comprises intercepting a Chip-Select signal, which is asserted by the host for selecting the NVM.

Plain English Translation

This is the method counterpart of claim 3. Receiving the instructions that the host intends for the NVM is done by intercepting the Chip-Select signal the host asserts to select the NVM. With the CS line intercepted, the controller sees every transaction addressed to the NVM and can separate the RPMC counter instructions, which it executes itself, from the remaining instructions, which it forwards to the NVM.

Claim 11

Original Legal Text

11. The method according to claim 8, wherein executing the identified instruction comprises executing the identified instruction in conjunction with a Trusted Platform Module (TPM).

Plain English Translation

A method for secure instruction execution in computing systems addresses the problem of unauthorized access and tampering with sensitive operations. The method involves identifying an instruction that requires secure execution, such as a cryptographic operation or access control check. The identified instruction is then executed in conjunction with a Trusted Platform Module (TPM), a hardware-based security component that provides secure storage, cryptographic functions, and platform integrity verification. The TPM ensures that the instruction is executed in a trusted environment, preventing unauthorized modifications or access. This approach enhances security by leveraging hardware-based security features to protect critical operations from software-based attacks. The method may also include verifying the integrity of the execution environment before executing the instruction, ensuring that the system has not been compromised. By integrating the TPM, the method provides a robust solution for securing sensitive operations in computing systems.

Claim 12

Original Legal Text

12. The method according to claim 11, wherein the TPM is integrated in the controller.

Plain English Translation

A method for enhancing security in electronic systems involves integrating a Trusted Platform Module (TPM) within a controller to provide secure cryptographic operations. The TPM is a hardware-based security component that ensures secure storage of cryptographic keys, authentication, and integrity verification. By embedding the TPM directly into the controller, the method reduces vulnerabilities associated with external TPM connections, such as tampering or interception. The controller manages system operations and interfaces with the TPM to perform tasks like secure boot, encryption, and digital signing. This integration improves performance by eliminating communication delays between separate TPM and controller units while maintaining high security standards. The method is particularly useful in embedded systems, IoT devices, and industrial control systems where security and efficiency are critical. The TPM handles cryptographic functions, while the controller executes system-level commands, ensuring a seamless and secure operation. This approach minimizes attack surfaces and enhances overall system reliability.

Claim 13

Original Legal Text

13. The method according to claim 11, wherein the TPM is external to the controller, and wherein executing the identified instruction comprises communicating with the TPM.

Plain English Translation

A method for secure computing involves a system with a controller and a Trusted Platform Module (TPM) that is external to the controller. The TPM is a hardware-based security module designed to provide secure cryptographic operations and protect sensitive data. The method includes executing an instruction identified by the controller, where executing the instruction involves communicating with the external TPM. This communication may include sending cryptographic commands, retrieving secure keys, or performing other security-related operations. The external TPM enhances security by isolating sensitive operations from the main controller, reducing the risk of unauthorized access or tampering. The method ensures that security-critical tasks are handled by a dedicated, tamper-resistant component, improving overall system security. The system may be part of a computing device, embedded system, or other electronic device requiring secure processing. The method addresses the need for robust security in environments where sensitive data or operations must be protected from external threats.

Claim 14

Original Legal Text

14. The method according to claim 11, wherein the TPM is external to the controller and is connected to the host, and wherein executing the identified instruction comprises communicating with the TPM via the host interface.

Plain English Translation

A method for secure computing involves using a Trusted Platform Module (TPM) to execute cryptographic operations. The TPM is a dedicated hardware component that provides secure storage and cryptographic functions, such as key generation, encryption, and digital signatures. The method addresses the need for secure processing in computing systems where sensitive operations must be isolated from potential vulnerabilities in the main processor or software layers. In this method, a controller receives an instruction for a cryptographic operation and identifies the appropriate TPM command to execute. The TPM is connected to the host system, and the controller communicates with the TPM through the host interface to perform the operation. This approach ensures that cryptographic functions are handled by a trusted hardware module, reducing the risk of tampering or unauthorized access. The method is particularly useful in systems where security is critical, such as financial transactions, authentication systems, or secure data storage. The TPM's external placement allows for modular integration, enabling different systems to leverage its security features without requiring built-in TPM functionality. The host interface facilitates communication between the controller and the TPM, ensuring seamless execution of cryptographic tasks while maintaining isolation from the main system components. This design enhances security by centralizing sensitive operations within a dedicated, tamper-resistant module.

Patent Metadata

Filing Date

Unknown

Publication Date

November 24, 2020

Inventors

Ziv Hershman
Dan Morav
Moshe Alon

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “RPMC Flash Emulation” (10846438). https://patentable.app/patents/10846438